git.ipfire.org Git - thirdparty/curl.git/commit

]> git.ipfire.org Git - thirdparty/curl.git/commit

projects / thirdparty / curl.git / commit

author	Daniel Stenberg <daniel@haxx.se>
	Tue, 12 May 2020 22:52:34 +0000 (00:52 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 13 May 2020 06:02:42 +0000 (08:02 +0200)
commit	e1f3f3a14f678a8469ffd2d032fa1a237a6aad98
tree	f8a1cb5042189e31cf87203947b9b177aa3739c1	tree \| snapshot
parent	3ff89286a99b41f8b63a0ac9c55f6383e9f3bc53	commit \| diff

url: reject too long input when parsing credentials

Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.

Reported-by: Thomas Bouzerar
Closes #5383

lib/url.c

diff | blob | blame | history

Mirror of https://github.com/curl/curl.git

RSS Atom